aether/vociferate
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 7 Wiki Activity

fix(release): unwrap teacup token inputs and correct failure summary
Some checks failed
Push Validation / recommend-release (push) Has been cancelled
Details
Push Validation / coverage-badge (push) Has been cancelled
Details

Browse Source 
Normalize %touch docker-compose.yml(string=...) wrapped token values in publish composite before
API calls. This prevents malformed Authorization headers under teacup.
Also only print 'Release Published' summary when the publish step succeeds,
and print a failure summary otherwise.
This commit is contained in:
Micheal Wilkinson
2026-03-21 19:51:26 +00:00
parent 4a2d234ba3
commit 84f6fbcfc8
2 changed files with 37 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
.gitea/workflows/prepare-release.yml
View File

@@ -298,9 +298,11 @@ jobs:
env:
TAG_NAME: ${{ steps.publish.outputs.tag }}
RELEASE_VERSION: ${{ steps.publish.outputs.version }}
PUBLISH_OUTCOME: ${{ steps.publish.outcome }}
run: |
set -euo pipefail
if [[ "${PUBLISH_OUTCOME}" == "success" ]]; then
{
echo "## Release Published"
echo
@@ -308,6 +310,14 @@ jobs:
echo "- Release notes sourced from changelog entry ${RELEASE_VERSION}."
echo "- Published assets: vociferate_${RELEASE_VERSION}_linux_amd64, vociferate_${RELEASE_VERSION}_linux_arm64, checksums.txt"
} >> "$SUMMARY_FILE"
else
{
echo "## Release Failed"
echo
echo "- Tag: ${TAG_NAME:-unknown}"
echo "- Create or update release step did not complete successfully."
} >> "$SUMMARY_FILE"
fi
echo 'Summary'
echo

28
publish/action.yml
View File

@@ -99,7 +99,13 @@ runs:
run: |
set -euo pipefail
if [[ -z "${TOKEN:-}" ]]; then
raw_token="$(printf '%s' "${TOKEN:-}" | sed 's/^[[:space:]]\+//; s/[[:space:]]\+$//')"
if [[ "$raw_token" =~ ^%\!t\(string=(.*)\)$ ]]; then
raw_token="${BASH_REMATCH[1]}"
fi
api_token="$(printf '%s' "$raw_token" | sed 's/^[[:space:]]\+//; s/[[:space:]]\+$//')"
if [[ -z "$api_token" ]]; then
echo "inputs.token is required (set to secrets.RELEASE_PAT)." >&2
exit 1
fi
@@ -110,7 +116,7 @@ runs:
release_by_tag_api="${release_api}/tags/${TAG_NAME}"
status_code="$(curl -sS -o release-existing.json -w '%{http_code}' \
-H "Authorization: token ${TOKEN}" \
-H "Authorization: token ${api_token}" \
-H "Content-Type: application/json" \
"${release_by_tag_api}")"
@@ -122,13 +128,16 @@ runs:
exit 1
fi
curl --fail-with-body \
if ! curl --fail-with-body \
-X PATCH \
-H "Authorization: token ${TOKEN}" \
-H "Authorization: token ${api_token}" \
-H "Content-Type: application/json" \
"${release_api}/${existing_release_id}" \
--data "{\"tag_name\":\"${TAG_NAME}\",\"name\":\"${TAG_NAME}\",\"body\":\"${escaped_release_notes}\",\"draft\":false,\"prerelease\":false}" \
--output release.json
--output release.json; then
cat release.json >&2 || true
exit 1
fi
echo "id=$existing_release_id" >> "$GITHUB_OUTPUT"
elif [[ "$status_code" != "404" ]]; then
@@ -136,13 +145,16 @@ runs:
cat release-existing.json >&2
exit 1
else
curl --fail-with-body \
if ! curl --fail-with-body \
-X POST \
-H "Authorization: token ${TOKEN}" \
-H "Authorization: token ${api_token}" \
-H "Content-Type: application/json" \
"${release_api}" \
--data "{\"tag_name\":\"${TAG_NAME}\",\"name\":\"${TAG_NAME}\",\"body\":\"${escaped_release_notes}\",\"draft\":false,\"prerelease\":false}" \
--output release.json
--output release.json; then
cat release.json >&2 || true
exit 1
fi
release_id="$(sed -n 's/.*"id"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p' release.json | head -n 1)"
if [[ -z "$release_id" ]]; then